HL7 UK - UK Core Access
0.1.0 - ci-build
HL7 UK - UK Core Access, published by HL7 UK. This guide is not an authorized publication; it is the continuous build for version 0.1.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7-UK/UK-Core-Access/ and changes regularly. See the Directory of published versions
Providers and Consumers SHOULD adopt the recommendations in the FHIR Implementer's Safety Check List.
Providers and Consumers SHOULD adopt NHS Clinical risk management standards where applicable to their use case and locality.
Providers and Consumers MAY consider the following potential hazards that have been identified during development of the implementation guide:
Providers may choose to return search results in a series of pages.
If a Consumer fails to request additional pages of search results it is possible that clinical decisions will be taken
using incomplete information.
If a Consumer uses the _count
parameter to request large pages of information it is possible that very many resources
are returned such that the capacity of the system is overwhelmed.
Providers may choose to return informational and warning messages from search results within an OperationOutcome resource in the response. If a Consumer fails to process the OperationOutcome it is possible that clinical decisions will be taken without considering the relevant information and/or warnings.
Patient search results may include counterintuitive results. For example, a Provider may return more than one matched patient, even where a highly specific search is used (e.g. NHS Number). If the Consumer fails to select the correct patient from within the returned Patient resources it is possible that clinical decisions will be taken using incorrect information.
Patient search results may be incomplete. For example, a Provider may hold information on a matching patient, but not include the information in the search results due to security constraints or information sharing rules. If the Consumer assumes that the Provider holds no information related to the patient it is possible that clinical decisions will be taken using incorrect information.
Providers and Consumers SHOULD adopt the recommendations in FHIR Security and Privacy guide.
Providers and Consumers SHOULD adopt NHS Data security and information governance guidance where applicable to their use case and locality.
The Provider SHOULD add CORS headers so that a Consumer can make requests from within a browser.
The Provider MAY allow unsecured requests to the capabilities
interaction so that a Consumer can discover and use the appropriate security service.
The Provider SHOULD ensure that the identity of the Consumer is known and that there is legal basis for sharing information with them.